Each year the cost of dealing with security attacks on computer networks increases. Concomitantly, the frequency of security attacks on computer networks increases. Therefore, the need for improved computer network security also increases. A basic method for computer network security is to limit physical and electronic access to the computer network. Limiting physical access to a computer network has been accomplished by placing computers in the network in a secure physical location and then limiting access to the secure physical location by using security guards to ensure that only authorized persons enter the secured location. Limiting electronic access to a computer network has traditionally been accomplished by requiring entry of both a user name and a password at login.
However, as the need for security increases, so does the need for more sophisticated computer network security systems. One type of physical security measure that has been effective in the military, financial, and governmental sectors is simultaneous turnkey authorization. Simultaneous turnkey authorization occurs when two people, each having a unique key, simultaneously insert, and turn their unique keys in order to indicate their dual approval of an action. The unique keys usually fit into locking cylinders which are far enough apart to prevent the same person from simultaneously turning both keys. A need exists for a method of taking the inherent double layer of physical security achieved by simultaneous turnkey authorization and applying the double layer of security electronically in a computer network.
A second physical security method is to require approval of actions or modifications to a sensitive or crucial system. In this type of security precaution, one person prepares and signs a transaction document and, at a later time, a second person reviews the document and indicates approval by also signing the document. The time delay in the subsequent review and approval provides an opportunity for the first person to identify gaps in the security which he may later exploit. Therefore, a need exists for an improvement in a dual signature method of security that provides real-time approval and accountability while preventing exposure of the security system to analysis by someone seeking to defeat the security system.
Another physical security method is to always have at least two people present when accessing a high security application. The dual access requirement deters wrongdoers with the knowledge that someone else will be aware of their access to the high security application. The second person is physically present and can monitor the first person's navigation of the high security application. Moreover, the second person who is physically present can approve any changes and or modification made by the first person. To this end, a need exists for a method of applying the physical security principle of dual access to electronic access in a computer network. A need also exists for a method of allowing the approving person to electronically monitor the accessing person's navigation of the high security application.
The prior art has previously attempted to solve the needs identified above. For example, U.S. Pat. No. 5,774,051 (hereinafter, the '051 patent) discloses a method of activating an alarm in which a pair of keys are simultaneously actuated. The '051 patent discloses a method for indicating alternative modes of operation by repeatedly actuating a single key. However, what is needed beyond the '051 patent is a method and apparatus for limiting access to high security applications and requiring simultaneous approval of any modifications to the high security applications.